At a glance.
- Wide-ranging cyberespionage campaign by China's Ministry of State Security.
- EvilProxy phishing tool targets executives, and defeats multifactor authentication.
- Vulnerabilities in CPUs.
- Yashma ransomware targets a wide range of countries.
- MacOS threat trends.
- Report: Data breach at UK's Electoral Commission may represent a Russian attempt to disrupt British elections.
- Ukraine claims to have stopped a Russian spyware campaign.
- Patch Tuesday notes, August 2023.
Wide-ranging cyberespionage campaign by China's Ministry of State Security.
Recorded Future's Insikt Group has published a report on RedHotel, a threat actor answering to China's Ministry of State Security, that's prospecting targets primarily in Southeast Asia but in other regions as well. Microsoft tracks RedHotel as Charcoal Typhoon; Secureworks calls it Bronze University. The operation appears to be run for the Ministry of State Security by contractors operating from Chengdu. Recorded Future thinks RedHotel's activity is marked by unusual scope and intensity. "Since at least 2019," the Insikt Group writes, "RedHotel has exemplified a relentless scope and scale of wider PRC state-sponsored cyber-espionage activity by maintaining a high operational tempo and targeting public and private sector organizations globally. The group often utilizes a mix of offensive security tools, shared capabilities, and bespoke tooling." The shared, commodity tools include ShadowPad and Winnti, the Record says; the bespoke malware includes Spyder and FunnySwitch.